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Abstract. We present a logical separability analysis for a functional 
quantum computation language. This logic is inspired by previous works 
on logical analysis of aliasing for imperative functional programs. Both 
analyses share similarities notably because they are highly non-com- 
positional. Quantum setting is harder to deal with since it introduces 
non determinism and thus considerably modifies semantics and valid- 
ity of logical assertions. This logic is the first proposal of entangle- 
ment/separability analysis dealing with a functional quantum program- 
ming language with higher-order functions. 



1 Introduction 

The aim of high level programming language is to provide a sufficiently high level 
of abstraction in order both to avoid unnecessary burden coming from technical 
details and to provide useful mental guidelines for the programmer. Quantum 
computation [4] is still in its prime and quantum programing languages remain 
in need for such abstractions. Functional quantum programing languages have 
been proposed and offer ways to handle the no-cloning axiom via linear A-calculi 
[9, 7]. In [1] is developed QML in which a purely quantum control expression is 
introduced in order to represent quantum superposition in programming terms. 
Another crucial ingredient of quantum computation is the handling of entan- 
glement of quantum states during computation. Indeed without entanglement 
it is possible to efficiently simulate quantum computations on a classical com- 
puter [10]. A first step to deal with entanglement, and its dual: separability, has 
been done in [5] in which a type system is provided in order to approximate the 
entanglement relation of an array of quantum bits. 

Quantum bits entanglement analysis shares some similarities with variables 
name aliasing analysis. Indeed, aliasing analyzes are complicated since an action 
on a variable of a given name may have repercussions on another variable having 
a different name. The same kind of problems occur between two entangled quan- 
tum bits : if one quantum bit is measured then the other one can be affected. In 
both cases there is a compositionality issue: it is hard to state anything about 
a program without any knowledge of its context. It seems therefore sensible to 
try to adapt known aliasing analysis techniques to the quantum setting. 



In this paper we follow the idea developed in [2] and adapt it for entangle- 
ment/separability analysis in a functional quantum programing language with 
higher order functions. The work of [2] has to be adapted in a non determin- 
istic setting, which is inherent of quantum computation, making the semantics 
and soundness of the logic radically different. Moreover, our results are a strict 
improvement over [5] in which only first order functions are considered. 

1.1 outline of the paper 

We first start by giving the definition of the dual problems of entanglement and 
separability, together with quick reminders on quantum computation, in section 
2. Then, in section 3, we present a functional quantum computation language 
in section for which we define an entanglement logic in section 4. Finally, we 
conclude in section 5. 

2 Separability and Entanglement 

A n qubits register is represented by a normalized vector in a Hilbert 2™- 
dimension space that is the tensorial product of n dimension 2 Hilbert spaces on 
C 2 . Each 2 dimension subspace represents a qubit. For a given vector, written 
\ip), qubits can be either entangled or separable. 

Definition 1 (Entanglement, Separability). Consider \ip) a n qubits regis- 
ter, ip is separable if it is possible to partition the n qubits in two non empty 
sets A,B, two states \<pa) and \^pb) describing A and B qubits, such that \(p) = 
Wa) <8> Ypb)i where \<pa) and \<Pb) , otherwise it is said entangled. 

By extension, two qubits q, q' are separable if and only if there exists a par- 
tition A,B, two states \<pa) and \<pb) describing A and B qubits, such that 
\ L P) = Wa) <8> \<Pb); with q G A and q' G B . Otherwise q, q' are entangled. 

Definition 2 (Entanglement relation). Let a n qubits register be represented 
by \if). The entanglement relation of \(p) , E(|<p}) 7 over qubits of the register is 
defined as follows: (x,y) G E(|<^}) if and only if x and y are entangled. 

The entanglement relation is an equivalence relation. It is indeed obviously 
symmetric and reflexive. It is transitive because if (x,y) G E(|y)) and (y, z) G 
E( | (£>)). It is possible to find a partition X, Z (with x G X and z G Z) and 
\<Pz) such that \ip) — \<fx) ® Wz)- y is either in X or Y then either (x,y) 
or (y,z) is not in E(|(^)), thus the result by contradiction. 

3 a functional quantum computing language 

We use a variant of Selinger and Valiron's A-calculus [7] as programming lan- 
guage. Instead of considering arbitrary unitary transformations we only consider 
three: quantum phase X, Hadamard transformation Sj, and conditional not £not. 



This restriction doest not make our language less general since it forms a univer- 
sal quantum gates set, see [4]. It makes entanglement analysis simpler. Indeed, 
only Cnot may create entanglement. We also introduce another simplifications: 
since the calculus may be linear only for quantum bits we do not use all the lin- 
ear artillery (bang, linear implications etc) but only check that abstractions over 
quantum bits are linear. Moreover we suppose a fixed number of quantum bits, 
therefore there are no new operators creating new quantum bits during compu- 
tation. Indeed as shown in [6] name generation creates nontrivial problems. 

Therefore, in the following we suppose the number of quantum bit registers 
fixed although non specified and refer to it as n. 

3.1 Syntax and types 

Definition 3 (Terms and types). X® terms and types are inductively defined 
by: 

M, N, P ::= x \ q t | 1 | | \x : M.N | (M N) 

| 1 | | (M, N) | Ti t N | if M then N else P \ 
meas | Cnot | Sj | 1 

cr,r ::= B | B° | a -> r | er (g) t 

where x denotes names of element of a countable set of variables, qi, where 
i £ {l..n} are constant names that are used as reference for a concrete quan- 
tum bit array. 1,0 are standard boolean constant. ntN with i £ {1,2} is the 
projection operator. Terms of the third line are quantum primitives respectively 
for measure, quantum bit initialization and the three quantum gates Conditional 
not, Hadamard and phase. 

We only have two base types B for bits and B° for quantum bits, arrow and 
product types are standard ones. 

Note that if quantum bits are constants, there can be quantum bits variable in 
this A^. Consider for instance the following piece of code: (Ax : M. if M then q\ else 
After reduction x may eventually become either qi or q 2 . Wc write q without 
subscript to denote quantum bit variables. 

Definition 4 (Context and typing judgments). Contexts are inductively 
defined by: 

r ::= • | r, x : a 

where a is not B° . 

We define lists of quantum bits variable by: 

A::=-\A,q 

Typing judgments are of the form: 

T; yl h M : a 

and shall be read as : under the typing context T ', list of quantum bits variable 
A , the term M is well formed of type a. 



As usual we require that typing contexts and lists are unambiguous. It means 
that when we write P, x : a (resp. A, q) x (resp. q) is implicitly supposed not to 
appear in P (resp. A). Similarly when we write Pi, P2 (resp. A\,A 2 ) we intend 
that A and P 2 (resp. A\ and A 2 ) are disjoint contexts. 

Typing rules are the following : 



r ., h0 . D [^] 



P;- h 1 : B L J f; • h : B 

r ; • h M : cr 



r, x : r; • h M : a 1 



P,x:cr;/lhM:T r P; /l h M : cr ^ r P; • h AT : ct . 

J J p. a i— 777 aa . l-^J 



P; yl h Ax : ct.M : a t 1 1 r-A\-{M N):t 

r-A,q\-M:r r P; ^ h M : a -> r P; yl 2 h A^ : cr 



r-AY- Xq:B°.M : B° ^r L J J"; A\,A 2 h (M AT) : r 

r ; ^ir-M:r r;yl 2 hiV:(T 



P; Ai,A 2 h (M,7V) : r Oct 
r ; yli h M : B P; A 2 h AT : t P; /1 2 h P : t 



r ; yli, yl 2 h if M then AT else P : r 

P';/l h M : ti 072 
P; /l h 7T 4 M : n 

P; /l h M : B 



[®J] 

>P 7] 



P;/l h Sj M : B 
P;/l h M : B° 



ti € {1,2} 
- [HAD] 



r-A h 1 M : B 

P; /l h M : B° 
P; /l h meas M : B 

P;yl h M : B° <g> B l 



MPAS*] 
[CNOT] 



r-,A h Cnot M : B° ®B° ' 

Where in rule [(g) P] P' = P, x : cr, y : r if ct and r are not B° , P' = P, x : cr 
(resp. P, y : r) if r (resp. cr) is B° and a (resp. r) is not B°. /1' 2 is build in a 
symmetrical way, thus A' 2 is A 2 augmented with variables x or y if and only if 
their type is B°. 



A^ is a standard simply typed A-calculus with two base types which is linear 
for terms of type B° . Thus we ensure the no-cloning property of quantum physics 
(e.g. [4]). 



3.2 Operational semantics 

Quantum particularities have strong implications in the design of a quantum 
programming language. First, since quantum bits may be entangled together it 
is not possible to textually represent individual quantum bits as a normalized 
vector of C 2 . We use |1) and |0) as base. Therefore, a quantum program manip- 
ulating n quantum bits is represented as a quantum state of a Hilbert space C 2n 
and constants of type B° are pointers to this quantum state. Moreover, quantum 
operators modify this state introducing imperative actions. As a consequence an 
evaluation order has to be set in order to keep some kind of confluence. Moreover, 
A^ reductions are probabilistic. Indeed, quantum mechanics properties induce 
an inherent probabilistic behavior when measuring the state of a quantum bit. 

Definition 5 (A^ state). LetT;A h M : a. A A^ state is a couple [\ip), M\. where 
\ip) is a normalized vector of C 2 ™ Hilbert space and M a X® term. 

An example of A^ state of size n = 2 is the following: 

[\<p), (Xq : B°.if (meas qi) then 1 else (meas (1 q)) q 2 )] 

where \tp) = ^(|0) + |1)) <8> (||0) + qi is the quantum bit denoted by 

^75 (|0) + |1)) and q 2 the one represented by ||0) + 

We consider call by value reduction rules. Values are defined as usual. 

Definition 6 (Values). Values of X® are inductively defined by: 

U, V ::= x | 1 | | 9i | Az : a.M \ (V, V) \ (F x) 

Where F is one of the following operators 7Tj, £not, T, Sj, meas 

We can now define probabilistic reduction rules. We only mention probabili- 
ties to be accurate although we are not going to investigate any related problems 
in this paper (we do not consider confluence problems etc.). 

Definition 7 (Quantum reductions). We define a probabilistic reduction be- 
tween Xl states as: 

[\<p),M\ ^ p W),M'\ 
That has to be red \\ip),M] reduces to [\ip'},M'} with probability p. 



Reduction rules are the following: 

[\<p), (Ax : a.M V)] ~, \\<p),M{x := V}} W] 
[\ V ),N]^ P W),N>] 



[\<p),{M N)]^ p [\cp'),(M N')} 
[\<p),N] ^ p [|y'),AT 



[|^),(M N)]^ P [W),{M N 1 )] 
[\ V ),M] ^ p W),M> 



[Ape] 



[\y),{M V)]^ P [W),{M> V)Y 
[\<p), if 1 then M else N] -n [\<p),M] ^ IF ^ 

[\<p), if P then M else JV] -> P [\<p), if P' then M else AT] 
[|<p), if then M else iV] ->i [|y), A 7 ] 

ie{i,2} 



[7P] 



[\<p),MVl,V 2 )] ^1 MM 



nil 



[\tp), M] — > p [\tp'), M'\ rj-^Tni N] — > p [\<fi'), AT'] 



[|^),<M,AT>] [|^'),(M',7V)] [LFT] [k),(F,AT)] ^ IWUV,N')] [RGT] 



[|^),(S gi )]-i [^(lv»,?i] L [|v>,(« 

[MEF] 

[<*\<P0) +/3|y»i),(meas &)] -> H 2 [|<^ ),1] 

-[MPT] 



M^o) +/%l)>( meas *)] — tl^l): °] 

[CWO] 

[|^},(£not < gj ><&)] -l [<£not^(|^»,( M )] 

In rules [MPT] and [MPF], let |<p) = a|<po) + (3\ipi) be normalized with 
\<Pl) = Ei = l"ail4> ® I 1 ) ® l#> 

lvo> = Ei = i n AI0?) ® |o) ® IV?) 

. where |1) and 0) is the ith quantum bit. 

We say that the set of rules containing [/?], [f3V], [App], [Ape], [Apv], [IF], 
[IF/F], [IF/T], [n]i, [LFT], [RGT] is the purely functional part of \f, the other 
rules are the quantum part of A^. 



Based on this reduction rules one can define reachable states, by considering 
the reflexive-transitive closure of —* p . One has to compose probabilities along a 
reduction path. Therefore [\ip'),M'} is reachable from [\ip'),M'}, if there is a non 
zero probability path between those states. More precisions can be found in [7]. 

Computations of a A^ term are done from an initial state where all registers 

n-l 

are set to |0): \<pq) = 1°) ®~'^~<i> |0) 

Proposition 1 (Subject Reduction). Let r, A h M : t and M — > p M' , then 
r,A\-M':r 

Proof. From the typing point of view is nothing more than a simply typed 
A-calculus with constants for quantum bits manipulations. Note that T, Sj, CCnot 
act as identity functions (from the strict A-calculus point of view). The measure- 
ment is simple to deal with since it only returns constant (hence typable in any 
contexts). 

4 Entanglement logic for 

We present a static analysis for the study of the entanglement relation during 
a quantum computation. The idea that we follow in this paper is to adapt the 
work [2] to the quantum setting. The logic is in the style of Hoare [3] and leads 
to the following notation: 

{C}M : r > A < u{C"} 

where C is a precondition, C is a post-condition, M is the subject and u is its 
anchor (the name used in C to denote M value). Informally, this judgment can 
be red: if C is satisfied, then after the evaluation of M, whose value is denoted 
by u in C, C is satisfied, r-, A is the typing context of M and A is the anchor 
typing context : it is used in order to type anchors within assertions. Indeed, 
anchors denote terms and have to be typed. 

Since we are interested in separability analysis, assertions state whether two 
quantum bits are entangled or not. Moreover, since separability is uncomputable 
(it trivially reduces to the halt problem since on can add <£noi(qi, qj) as a last 
line of a program in such a way that and qj are entangled iff the computation 
stops), assertions are safe approximations: if an assertion state that two quantum 
bits are separable then they really are, whereas if two quantum bits are stated 
entangled by an assertion, it is possible that in reality they are not. 

4.1 Assertions 

Definition 8. Terms and assertions are defined by the following grammar: 
e,e' ::= u \ g» | (e, e') | 7r 4 (e) 

C,C ::= u«->«| ||e|e = e' 

-nC | c v a | c a c | c => a \ vu.c | b u .c 

{C} ei • e 2 = e 3 {C"} 



Where u, v are names from a countable set of anchor names. 

The idea behind assertions is the following: every subterm of a program is 
identified in assertions by an anchor, which is simply a unique name. The anchor 
is the logical counterpart of the program. Note that the name of quantum bits 
are considered as ground terms. 

Assertion u <-> v means that the quantum bit identified by u is possibly 
entangled with v. Notice that ->u <-► v means that it is sure that u and v are 
separable. \\u means that it is for sure that the quantum bit is in a base state (it 
can be seen as a\b) where b is either 1 or 0). Thus -i||u means that u may not 
be in a base state (here the approximation works the other around). Assertion 
{C}ei»e 2 = e 3 {C'} is used to handle higher order functions. It is the evaluation 
formula. e 3 binds its free occurrences in C. following [2], C, C are called internal 
pre/post conditions. The idea is that invocation of a function denoted by e\ with 
argument e 2 under the condition that the initial assertion C is satisfied by the 
current quantum state evaluates in a new quantum state in which C is satisfied. 
C describes the new entanglement and purity relations. 

The other assertions have their standard first order logic meaning. Notice 
that in V and 3 binder are only meant to be used on quantum bits. That is Vu.C 
means that u is either of the form qi or of the form x, with x of type B° but 
cannot be of the form (e, e'). 

In the following we T (resp. F) for the following tautology (resp. antilogy) 
u = u (resp -i(u = u)). 



Definition 9 (Assertion typing). 

— A logical term t is well typed of type t, written r; A; A h t : r if it can be 
derived from the following rules: 



(u:t)£ T; A; A 
r;A;Ahu:T 



[TAsAx] 



r;A;Ah qi : B 



- [TAsQ] 



r;A;A\-e:r r; A; A h e' : r' 
r-A-AY- (e,e') :t®t' 



[TAs®] 



r;A;A'ru:T 1 <Z)T2 
r ; A; A h m{u) : n 



[TAswi] 



with i G {1,2}. 



— An assertion C is well typed under context T; A; A written T; A; A h C if it 
can be derived from the following rules: 



T;A;Ahe^e' 

r- A; A h e : B° 
r-A;A\- \\e 

r-,A;A\-e-.T T;A;A^e':T 
r-A-A^e^e' 



[TAs\\] 

[TAs 



r-A-AhC . 
I-..Y.A C lAs 

T;A;A^C r-A;A\-C 
T; A; A h C A C 

r-A;A\-C r-A;A\-C 
r;A;A\-CVC 

r-A;A\-C r-A;A\-C 



[TAsA] 
[TAsV] 



T;A;AhC =4> C 

r;A;A,u:B° h C 
r;A;A^\/u.C 

r;A;A,u:B°\-C 
r;A;A\-3u.C 



[TAs 
[TAsV] 
[TAs3] 



r;A';A\- e2 : a 

r;A,A';AhC /j A, A j A,e3 : r h C" T: A; A'r el : a ^ t 

r;A,A';A\- {C}el • e2 = e3{C'} [ 3 1 

Assertion typing rules may be classified in two categories. The first one is the 
set of rules insuring correct use of names with respect to the type of the term 
denoted by them. It is done by rules [TAs <->] [TAs\\] [TAs =] [TAsV] [TAs3] 
and [TAsEV]. The second set of rules is used to structurally check formulas: 
[TAH [TAsA] [TAsV], and [TAs =>]. 



4.2 Semantics 

We now formalize the intuitive semantics of assertions. For this, we abstract the 
set of quantum bits to an abstract quantum state. The approximation (we are 
conservative in saying that two quantum bits are entangled and in stating the 
non-purity of a quantum bits) is done at this level. It means that for a given 
quantum state there are several abstract quantum state acceptable. For instance 



stating that all quantum bits are entangled, and not one of them is in a base state, 
which is tautological, holds as an acceptable abstract quantum state for any 
actual quantum state. The satisfaction of an assertion is done relatively to the 
abstract operational semantics. We develop an abstract operational semantics in 
order to abstractly execute A^ programs. 

Abstract quantum state and abstract operational semantics Let the 

fixed set of n quantum bits be named S in the following of this section. Let also 
suppose that the quantum state of S is described by \<p) a normalized vector of 
C 2 . 

Definition 10 (Abstract quantum state). An abstract quantum state of S 
(AQS for short) is a tuple A = (TZ, V) where V C S and 1Z is a partial equivalence 
relation on (S \ V) x (S \ V) . 

Relation TZ is a PER since it describes an approximation of the entanglement 
relation and there is not much sens in talking about the entanglement of a 
quantum bit with itself. Indeed because of the no-cloning property it is not 
possible to have programs p : B° x B° — > t requiring two non entangled quantum 
bits and to type (p {q%,qi))- 

The equivalence class of a quantum bit q with relation to an abstract quantum 
state A = (TZ, V) is written q A . 

Definition 11 (AQS and quantum state adequacy). Let S be described by 
\ip) and A = (TZ,V) an AQS of S. A is adequate with regards to \ip), written 
A \= \ip), iff for every x,y G S such that (x, y) £ TZ then x, y are separable w.r.t. 
\ip) and for every x e V then the measurement of x is deterministic. 

Suppose that S = {91,92,93} and \ip) = l/ v /(2)(|0) + |1) ® 1/^(2)(|0) + 
|1) <g> |1) then: 

- A = ({(9i,52), (92, qi)}, {93}) 

- A ' = ({(91,92), (92,91), (92,93), (93,92), (93,91), (9i,93)},0) 
are such that A \= \ip) and A' \= \ip). On the other hand: 

- B = ({(91,92), (92, 9i)}, {92, 93}) 

- B' = (0,{9 3 }) 

are not adequate abstract quantum states with relation to \ip). 

We now give a new operational semantics of terms based on abstract 
quantum states transformation. 

Definition 12 (Abstract operational semantics). We define an abstract 
operational semantics of a term M such that r;A\-M:r between AQS as : 



[A, M] ^ A [A',M'] 



We often write —>a instead of —> A A when typing contexts play no role or can 
be inferred from the context. 

Reduction rules are the same ones as those of definition 7 for the functional 
part of the calculus where the quantum state is replaced with an abstract state. 
We have the following rules for the quantum actions: 

APHS A ] 



[(tz,p),(i %)] -u [(n,r), qi 
[{K,v),{fi qt )}^ A [(n,p\{ qi }), qi } [HDRa] 

=- [MET A ] 

[{Tl,V),(meas qi )] ^ A [(K \ QuV U 

-[CN01 A }if qi eV 



[(n,v),(<txioi ( qi , qj ))} -u [(Tz,p),( qi , qj )] [ 

[CNO0 A }if qi ?V 



[(H,V),(€noi (gi, ?,•>)] ~U [(ft • Qi «- Qj,V \ {*,<&}),<<&,<&>] ' 

Where ^ is non deterministically 1 or 0, TZ\(ji is the equivalence relation such 
that if (x, y) G relentangle and x ^ qi or exclusive y ^ qi then (x, y) G TZ \ % 
otherwise (x,y) £lZ\c[i, and where TZ ■ qi (jj is the equivalence relation TZ in 
which the equivalence classes ofq i7 qj have been merged together. 

Note that this abstract semantics is not deterministic since it non determin- 
istically gives 1 or as result of a measure. Its correctness can hurt the intuition 
since the measurement of a quantum bit in a base state, say |1), can never 
produce |0). Note also that since our system is normalizing the number of all 
possible abstract executions is finite. Hence, computable. 

Definition 13 (Abstract program semantics). Consider an AQS A, the 
semantics of program .T; A h M : r under A, written , is the set of A' 

such that [A,M] -^* A [A',V] where V is a value. 

Notice that the abstract semantics of a program is a collecting semantics. It 
may explore branches that are never going to be used in actual computation. 
Indeed in the operational semantics measurement gives a non deterministic an- 
swer. Nevertheless, correctness is ensured by the if judgment rules (see rule [IFj] 
in definition 20). 

Proposition 2. Let A |= \ip), T;A\- M :t. Suppose that [\<p),M] ->* W),V] 
then there exists A' \= \ip') such that [A, M] -^* A [A',V\. 

Proof. The proof is done by induction on the number of steps of the reduction 
between [|y>),M] and [|y>'), V. The proposition is clearly true if there is step 
since M = V, <p = <p' and A' = A proves the result. 

Now consider the last rule used. If this rule is one of the purely functional 
part of the calculus (see def. 7) the proposition follow directly from the induction 



hypothesis since the AQS is not changed. We thus have the following possibilities 
for the last rule: 

— It is [PHS_a]: If the qbit q on which phase is applied is a base state it can 
be written a\l) with / being either 1 or 0. Thus Tg = exp I7r / 4 a, thus still a 
base state. Hence V remains unchanged. 

— It is [HDR A ]: if (TZ,P) \= <p, then (R,V \ {q l }) \= {fii \<p}) because of 
definition 11 since in (Sji \<p)), any qj is in a non base state only if it is in a 
non base state in \ip). 

— It is [METa\: After the measure the qubit vanishes. Moreover concrete mea- 
sure probabilistically produces 1 or 0. Regarding the concrete result one can 
choose the appropriate value as result of the abstract measure, moreover the 
measured qubit is in a base state (hence the V U {qi}). 

— It is [NEW_a]: then by definition \ip') = |1) <E> \(p), hence quantum in a base 
state in <p remain in a base state in ip' , moreover the new qubit is in a base 
state. 

— It is [CNO0 A }: If the two qubits qi = a\l), qj = (3\V) are in a base state then 

• If I = 1 then Cnot(a|l) <g> j3\l')) = a\l) <8> /3\->l') 

• If I = then £not(a|0) <g> (3\l')) = a|0) ® (3\V) 
in both cases we obtain two separable qubits. 

If only qi = a'\l) is in a base state and qj — a\0) + /3|1) is not. 

• If / = 1 then £not(a|l) <g> a|0) + /3|1)) = a'\l) ® 0\1) + a\0) 

• If / = then £not(a'|l) ® a\l) + (3\0)) = a'\l) ® a\l) + /3|0)) 

here also we obtain two separable qubits. Moreover in all cases % remains in 
a base state. 

— It is [CN01_a]: The property follows from induction hypothesis and from 
the fact that 1Z and V are safe approximations. 

Semantics of entanglement assertions We now give the semantics of a well 
typed assertion with relation to a concrete quantum state. It is done via an ab- 
stract quantum state which is adequate with regards to the concrete quantum 
state. The idea is as follows: if \<p) \= A, and if .T; A; A h C then we define the 
satisfaction relation M r ' A ' A \= C, which states that under a proper model de- 
pending on the typing context, then C is satisfied. Basically it amounts to check 
two properties : whether or not two quantum bits are in the same entanglement 
equivalence class and whether or not a particular quantum bit is in base state. 

Definition 14 (Abstract observational equivalence). Suppose that T; A\- 
M, M' : t. M and M' are observationally equivalent, written M = A A M' , if 
and only if for all context C\] such that •; • h C[M], C[M' ] : B and for all AQS 
A we have 

lC[M]\ r A A = {C[M']fx A 

The equivalence class of M is denoted by M^' , by extension we say that the 
type of this equivalence class is t. 



Definition 15 (Abstract values). In assertion typing context T; A; A, an ab- 
stract value v^fat °f tyP e T ' where r ^ a ® a' , with relation to context T; A; A 
and AQS A = '{K,P) is: 

— An equivalence class of type r for > tf T B°. 

— a pair (C, b) formed by an equivalence class CoflZ and a boolean b ( the idea 
being that if b is true then the denoted qubit is in V). 

If t = a' <S> o~" , then v^' A,A is a pair (v',v") formed by abstract values of 
respective types a', a". 

The set of abstract values under an AQS A, typing context r-,A;A and for 
a type t is written E^' A ' A . 

Abstract values are used to define the interpretation of free variables. Since 
in a Given an assertion typing context T; A; A more than one type may occur we 
need to consider collections of abstract values of the different types that occur in 
T; A; A : we write 5r-,A;A the disjoint union of all S r '> A '< A for every r in T; A; A. 

Definition 16 (Models). A T; A; A model is a tuple M r ' A ' A = (A,T), where 
A is an AQS, 2 is a map from variables defined in T; A; A to £r-,A;A- 

In order to deal with evaluation and quantified formulas we need to define a 
notion of model extension. 

Definition 17 (Model extensions). Let M r ' ,A;A — (A,T) be a model, then 
the model M! written M -x : v = (A,l'), where v <E S^'^'' A is defined as follows: 

— the typing context of M! is T; A;A,x: t. 

— If the type of x is t — a ® & ' , then v is a couple made of abstract values 
V, v" of respective type a, & ' . 

— If the type of x is B°: if v = (C, 1) then A' = (11 U C, V U {x}), otherwise 
if v = (C, 0) then A' = (1Z U C, V). 

— If the type of x is a ^ B°, then: T'(y) ~ I(y) for all x ^ y and I'(x) = v 

We now define term interpretation. It is standard and amounts to an inter- 
pretation of names into abstract values of the right type. 

Definition 18 (Term interpretation). Let A4 r A = (A,J,t) be a model, the 
interpretation of a term u is defined by: 

— [v\m — 1{u) if the type of u is not B° . 

~ [Qi]m — {Qi A ,b A ), where bf is true iff q{P with A = (R,V). 

— [{e,e')] M = ([M\a,W\m) 

Definition 19 (Satisfaction). The satisfaction of an assertion C in the model 
M = (A,T), is written A4 \= C , is inductively defined by the following rules: 

— M\=U<r+V if (n 1 ([u] M ), 7Tl(Hm O de0) £ K A - 

— M \= \\u if TT2 ([u]m) is true. 



- M h e i = e 2 if INU = [ei]A- 

- M. \= if \= does not satisfy C . 
-M\=CvC'ifM\=CorM\=C. 

- M \= C AC if M \= C and M \= C . 

- M\=C => C if M h C* implies M \= C . 

- M \= Vu.C if for all model M' = M ■ u.v, one has M' \= C. 

- M |= 3u.C if there is an abstract value v such that if M! = M ■ u.v, one 
has M' h C. 

- M h {C}ei • e 2 = e 3 {C"} if for all models M' r ' A ' A = (A',T) such that 
A4' r ' A ' A \= C, with the following conditions: .T; A; A h e\ : a — > t, and 
r-. A; Ah e 2 : o such that for all terms t\ E [eijx',^ £ |[ e 2]|x' one has 

. [A, {t\ t2 )]^ A [A',V] 
• we have two sub-cases: 

1. t is B° and V = Qi and M' — M ■ e 3 : (qi A ' ,qt G Va') 

2. t is not B° and M' ■ e 3 : V% ' MA ' T \= C" 



4.3 Judgments and proof rules 



We now give rules to derive judgments of the form {C}M ; r ' A - A ^ T u{C'}. Those 
judgments bind u in C", thus u cannot occur freely in C . There are two kinds of 
rules: the first one follow the structure of M, the second one are purely logical 
rules. 



Definition 20 (Language rules). Let r-, A h M : t, we define the judgment 
{C}M :' : 1: u{C'} inductively as follows: 



{C A \\u}N -r;A;A;B°®B° {UiV){C '} 
{CA \\u}(€notN) : r;A;4;B°»B° ( U;W ){C"} [ ° u JJ 



{C}.\ :' v » fc,v){C"} 
{C}(£not N) : r;A;A;i}°®B° ( UjV ){C Au^v} 

{C}N : / : ,: Ui 



[CWOT2, 



{C}(£ AT) -J A: \ u w {C"[-.||t;]} 
{C}N :' v vn u{C'} 



[HAD, 



{C}(1 N) -r;A;A,Bo u { C ,y 



-[PHASE.,] 



.r:A;A,u:r;r 0l! r\ l V AR ^ 



{C[u/x]}x : r;A;A,u:r;r 
ce {1,0} 



{C}C :' ■ t: \ , 15 15 ^{(7} 

{C}M : r:A ' A r- A; A; B°{u}C 
{Cjmeas M -r-.A-A^B v {C'[-u] A \\u} 

{C}M : / : ,: b{C } {C [l/b]}N : I : U V ' x{C'} {C [0/b}}P :' x{C'} 



[CONSTj] 

[MEASj] 

A:A:t ,.\ r '\ 

[IFj] 



{C}if M then N else P :^;A«:t;t 

{C}(M JV) ■r-A- t A,u:r;r 



[APP 



{C~ x A C }M m{C'} 

{C}Ax : M. : J , [-x]^[-x];4, U : < r-T;<T-T u {Vx.{C }u »x = m{C'}} 1 JJ 

{C}M : l :A: Vr m{Cg} {C }N :' 1: V t n{C"[m/u, T0j} . 

{C}(M,JV) :^;A«:r,« : a;T ( Ul v}{C'}} ^ 

{C}M : ^;^i®r 2 m {C'[ 7 r i (m)/u]} i G {1, 2} 



{C}7T 4 M ■r;A;Au:r i ;r i U { C >} 



7TJ U 



Where in rule [HADj], if there exists C" such that C" A\\u = C the assertion 
C"[-i||w] is C" A-i||u otherwise it is C'^\\u. In [MEASj], the assertion C'[—u] is 
C where all assertions containing u have been deleted. In [ABSj], C~ x means 
that x does not occur freely in C. In [VARj], C[u/x] is the assertion C where 
all free occurrences of x have been replaced by u. 



Judgment of the purely functional fragment are standard see [2]. We have 
just modified the way to handle couples in order to ease manipulations, but 



we could have used projections instead of introducing two different names. Re- 
garding the quantum fragment, rule [C'NOTlj] has no influences over quan- 
tum entanglement since the first argument of the <£not is in a base state; rule 
[CNOT2j] introduces an entanglement between the two arguments of the £not 
operator. Notice that it is not useful to introduce all entanglement pairs intro- 
duced. Indeed, since the entanglement relation is an equivalence relation one 
can safely add to judgment (see logical rules that follow in def. 21) statements 
for transitivity, reflexivity and symmetry of entanglement relation, for instance 
Mx, y, z.x ^> y Ay ^> z x ^> z for transitivity. Indeed any abstract quantum 
state, by definition, validates those statements which will be implicitly supposed 
in the following. As we saw in the proof of proposition 2, the phase gate does not 
change the fact that a quantum bit is in a base state, whereas the Hadamard 
gate may make him not in a base state, hence explaining the conclusions of rules 
[HAD,,] [PHASE,,]. 

We now give purely logical rules. One may see them as an adapted version 
of standard first order logic sequent calculus. 



Definition 21 (Logical rules). 

{Cq}V : u{C } ChC' {) C \-C 
{C}V : u{C'} 

{C}V : u{C'} 
{CACo}^ : u{C AC } 

{CACpjV: u{C'} 
{C}V : u{C =► C'Y 

{C}M : u{C =» C'} 
{CAC }V : u{C'} 

{C\}M : u{C} {C 2 }M : u{C} 
{Ci V C 2 }M : u{C} 

{C}M : u{d} {C}M : u{C 2 } 
{C}M : u{d A C 2 } 



[LOG,] 



[promote] 
ELim] 
[AElim] 

[VL] 
[AR] 



{C}M : u{C'-*} 
{3x.C}M : u{C'Y J 

{C-*}M : u{C'} 
{C}M: u{ix.C'} [ J 

where C h C is the standard first order logic proof derivation (see e.g. [8]). 



We now give the soundness result relating 



Theorem 1 (Soundness). Suppose that {C'}M : r ^ A - A - T u{C'} is provable. 
Then for all model M = (A,l), abstract quantum state A' , abstract value v 
such that 

1. M\=C 

2. [A, M] [A',V] 

3. v e *™* 

then M ■ u : v \= C . 

Proof. The proof is done by induction on judgment rules. The last judgment rule 
used can be either a logical or a language one. If it is a logical one, soundness 
follows from the soundness of first order logic. Observe that we have a value in 
the promotion rule [promote] thus no reductions are possible and the soundness 
is vacuously valid. 

If he last judgment rules used is a language rule, we only consider the quan- 
tum fragment (indeed for the functional fragment, the proof follows directly from 
[2]), thus we have the following cases: 

- [C NOTlj], thus {C}M :' v v ~ u{C'} is in facts {CiA||u'}(£not N) J; ^ 4 ' B>B ° 
(u' ,v'){C'}. By induction hypothesis we know that if M \= C\ A if 

[A, N] -^* A [A',V], and v E Z r A ) A ; A , then M ■ (u',v') : vMC. We know 
that V is a couple of qbits (since judgment is well typed), say (qi,qj). Now 
[A', (£not (q l ,qj))] —>a [A, (q t ,qj)] thanks to rule [CNOIa] and due to the 
fact that M\=\\u'. 

- [CNOT2j], thus {C}M v v " u{C'} is in facts {C}{€noiN) : ™;^b<W 
(u\ v'){C Am'h v'} we reason similarly as in previous case with the differ- 
ence that the last abstract operational rule used is [CNO0_a]. 

- [HADj], thus {C}M : r ' A ' A ^ U {C'} is in facts {C}(Sj N) : /: ,: X:IS u{C"HM}- 
By induction hypothesis we know that if M \= C, if [A, N] — > A [A' , V], and 

v E ^A' A -r A > tnen -M ■ (u) : vMC . Now because judgment is well typed 
r is B°, and V is Thus [A, (jj &)] [{H,V \ and clearly 

A4 ■ (u) : v \= — ■ 1 1 ix, the rest is done by induction hypothesis. 

- [PHASE.,], thus {C}M : r ' A < A < T U {C'} is direct by induction hypothesis and 
considering abstract reduction rule [PHSj]. 

- JDGMEAS, thus {C}M :' : u{C'} is in facts {C}(meas N) -J A Vn 
u{C'[— u] A [\u]}. By induction hypothesis we know that if M |= C, if 
[A,N] -** A [A',V], and v E S^ ;Zi , then M ■ u : vMC. Now because 
judgment is well typed r is B°, and V is qi. Thus [A, (meas qi)] — ^ [(K,PU 
{li} \ fjL an( i dearly M ■ u : v \= ]]u, the rest is done by induction 
hypothesis. 

Example 1. The idea of this example is to show how the entanglement logic may 
be used to analyze non local and non compositional behavior. Suppose 4 qubits, 
x, y, z, t such that x, t are entangled and y, z are entangled and {x, t) separable 
from {y, z}. Now if we perform a control not on x, y, then as a side effect z, t are 



entangled too, even if quantum bits x, y are discarded by measurement. Thus 
we want to prove the following statement: 

{T}P : u{\/x, y, z, t.{x «i/Az<-t t}u »y,z = v{x <-> t}} 
where P is the following program 

Xy, z : let (u, v) = (£not (y, z)) in ((meas u), (meas v)). 

Then using rule L4PPj] we can derive the following judgment on actual 
quantum bits: 

{C}( p (92,93)) : (u,v){q! <-> qi} 

where C denotes the following assertion : q\ <-> q2 A (73 <-> (74 . This judgment is 
remarkable in the fact that it asserts on entanglement properties of q\ , q<± while 
those two quantum bits do not occur in the piece of code analyzed. 

5 Conclusion 

In this paper we have proposed a logic for the static analysis of entanglement 
for a functional quantum programing language. We have proved that this logic 
is safe and sound: if two quantum bits are provably separable then they are not 
entangled while if they are provably entangled they could actually be separable. 
The functional language considered includes higher-order functions. It is, to our 
knowledge the first proposal to do so and strictly improves over [5] on this 
respect. We have shown that non local behavior can be handled by this logic. 

Completeness of our logic remains an open issue worth of future investiga- 
tions. We also hope that this setting will allow reasoning examples on quantum 
algorithms, and that it will provide a useful help for quantum algorithms research 
in providing a high-level, compositional reasoning tool. 
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